Code source de GeekLog 1.4.1 |
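<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | sectest.php                                                               |
// |                                                                           |
// | Does a quick security check of the Geeklog install                        |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2002-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Dirk Haun           - dirk AT haun-online DOT de                 |
// |          Jeffrey Schoolcraft - dream AT dr3amscap3 DOT com                |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: sectest.php,v 1.4 2006/12/30 15:07:50 dhaun Exp $

require_once('../lib-common.php');
require_once('auth.inc.php');

// Only the Root group may run this script: its output lists which parts of
// the install are reachable from the web, which is useful to an attacker.
if (!SEC_inGroup('Root')) {
    $display = COM_startBlock($MESSAGE[30], '',
                   COM_getBlockTemplate('_msg_block', 'header'));
    $display .= $MESSAGE[46];
    $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $display .= COM_siteFooter();
    COM_accessLog("User {$_USER['username']} tried to illegally access the security check.");
    echo $display;
    exit;
}

// ugh, global variable ...
// Number of checks that reported a problem; every check below bumps it and
// the final verdict (and the 'security_check' var in the DB) depends on it.
$failed_tests = 0;

/**
 * Send an HTTP HEAD request for the given URL
 *
 * @param  string $url    URL to request
 * @param  string $errmsg error message, if any (on return; empty on success)
 * @return int            HTTP response code or 777 on error
 *
 */
function doHeadRequest($url, &$errmsg)
{
    require_once('HTTP/Request.php');

    $errmsg = '';

    $req = new HTTP_Request($url);
    $req->setMethod(HTTP_REQUEST_METHOD_HEAD);
    $req->addHeader('User-Agent', 'GeekLog/' . VERSION);
    $response = $req->sendRequest();
    if (PEAR::isError($response)) {
        // transport-level failure (DNS, connect, ...), not an HTTP status:
        // 777 is the sentinel doTest() looks for
        $errmsg = $response->getMessage();

        return 777;
    }

    return $req->getResponseCode();
}

/**
 * Determine the site's base URL to check
 *
 * The returned URL always ends in a slash so that the relative paths used by
 * doTest() (e.g. 'config.php', 'logs/error.log') can simply be appended.
 *
 * @return string site URL or empty string (= nothing to check)
 *
 */
function urlToCheck()
{
    global $_CONF;

    $url = '';
    if ($_CONF['path'] == $_CONF['path_html']) {
        // not good ... everything lives in the document root, so the files
        // sit directly below the site URL. Normalise the trailing slash:
        // $_CONF['site_url'] conventionally has none, and appending
        // 'config.php' to it directly would yield a bogus host name.
        $url = rtrim($_CONF['site_url'], '/') . '/';
    } else if (substr($_CONF['path'], 0, strlen($_CONF['path_html'])) == $_CONF['path_html']) {
        // "geeklog" dir in the document root: the part of $_CONF['path']
        // beyond the document root is the web-visible sub directory
        $rest = substr($_CONF['path'], strlen($_CONF['path_html']));
        $url = rtrim($_CONF['site_url'], '/') . '/' . $rest;
    } else {
        // check for sites like www.example.com/geeklog
        $u = $_CONF['site_url'];
        if (substr($u, -1) == '/') {
            $u = substr($u, 0, -1);
        }
        // skip the "scheme://" prefix before splitting on '/'
        $pos = strpos($u, ':');
        if ($pos !== false) {
            $u2 = substr($u, $pos + 3);
        } else {
            $u2 = $u;
        }
        $p = explode('/', $u2);
        if (count($p) > 1) {
            // drop the last path component: the Geeklog directory is assumed
            // to live next to the document root, one level up
            $cut = strlen($p[count($p) - 1]) + 1;
            $url = substr($u, 0, -$cut) . '/';
        }
    }

    return $url;
}

/**
 * Give an interpretation of the test result
 *
 * @param  int    $retcode HTTP response code of the test
 * @param  string $msg     file or directory that was checked
 * @return string          text explaining the result of the test
 *
 */
function interpretResult($retcode, $msg)
{
    global $failed_tests;

    $retval = '';

    if ($retcode == 200) {
        // a HEAD on a file that should be private succeeded: that's the
        // condition this whole script exists to catch
        $retval = 'Your <strong>' . $msg . '</strong> is reachable from the web.<br><em>This is a security risk and should be fixed!</em>';
        $failed_tests++;
    } else if (($retcode == 401) || ($retcode == 404)) {
        // "not found" or "auth required" both mean the file is not served
        $retval = 'Good! Your ' . $msg . ' is not reachable from the web.';
    } else if (is_numeric($retcode)) {
        // anything else (403, 500, redirects, ...) is inconclusive, so count
        // it as a failure rather than letting it pass silently
        $retval = 'Got an HTTP result code ' . $retcode . ' when trying to test your ' . $msg . '. Not sure what to make of it ...';
        $failed_tests++;
    } else {
        // caller passed a ready-made message instead of a status code
        $retval = $retcode;
    }

    return $retval;
}

/**
 * Create a temporary file
 *
 * Best effort: failure to create the file is reported through the return
 * value only, so the fopen() warning is deliberately suppressed.
 *
 * @param  string  $file full path of the file to create
 * @return boolean       true: success; false: file creation failed
 *
 */
function makeTempfile($file)
{
    $retval = false;

    $tempfile = @fopen($file, 'w');
    if ($tempfile) {
        $retval = true;
        fclose($tempfile);
    }

    return $retval;
}

/**
 * Perform a test
 *
 * @param  string $baseurl    the site's base URL (with trailing slash)
 * @param  string $urltocheck relative URL to check
 * @param  string $what       explanatory text: what is being checked
 * @return string             test result as a list item
 *
 */
function doTest($baseurl, $urltocheck, $what)
{
    global $failed_tests;

    $errmsg = '';
    $retval = '<li>';

    $retcode = doHeadRequest($baseurl . $urltocheck, $errmsg);
    if ($retcode == 777) {
        // could not even reach the URL: report the transport error verbatim
        $retval .= $errmsg;
        $failed_tests++;
    } else {
        $retval .= interpretResult($retcode, $what);
    }
    $retval .= '</li>' . LB;

    return $retval;
}

/**
 * Check for the existence of the install directory
 *
 * @return string text explaining the result of the test
 *
 * @note This test used to be part of the "Get Bent" block in lib-custom.php
 *
 */
function checkInstallDir()
{
    global $_CONF, $failed_tests;

    $retval = '';

    // we don't have the path to the admin directory, so try to figure it out
    // from $_CONF['site_admin_url']
    $adminurl = $_CONF['site_admin_url'];
    if (substr($adminurl, -1) == '/') {
        // strip a trailing slash, otherwise strrpos() below would find it
        // instead of the slash in front of the admin directory name
        $adminurl = substr($adminurl, 0, -1);
    }
    $pos = strrpos($adminurl, '/');
    if ($pos === false) {
        // only guessing ...
        $installdir = $_CONF['path_html'] . 'admin/install';
    } else {
        $installdir = $_CONF['path_html'] . substr($adminurl, $pos + 1)
                    . '/install';
    }

    if (is_dir($installdir)) {
        $retval .= '<li>You should really remove the install directory <b>' . $installdir . '</b> once you have your site up and running without any errors.';
        $retval .= ' Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.</li>';
        $failed_tests++;
    } else {
        $retval .= '<li>Good! You seem to have removed the install directory already.</li>';
    }

    return $retval;
}

/**
 * Check for accounts that still use the default password
 *
 * @return string text explaining the result of the test
 *
 * @note If one of our users is also using "password" as their password, this
 *       test will also detect that, as it checks all accounts.
 *       The query compares against the MD5 of "password", i.e. it assumes
 *       the password storage scheme of this Geeklog version.
 *
 */
function checkDefaultPassword()
{
    global $_TABLES, $failed_tests;

    $retval = '';

    // check to see if any account still has 'password' as its password.
    // md5() yields a fixed hex string, so no user-controlled data enters
    // the query.
    $count = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['users']} WHERE passwd='" . md5('password') . "'");
    $A = DB_fetchArray($count);
    if ($A['count'] > 0) {
        $retval .= '<li>You still have not changed the <strong>default password</strong> from "password" on ' . $A['count'] . ' account(s).';
        $failed_tests++;
    } else {
        $retval .= '<li>Good! You seem to have changed the default account password already.</li>';
    }

    return $retval;
}

// MAIN
$display = COM_siteHeader('menu', 'Geeklog Security Check');
$display .= COM_startBlock('Results of the Security Check');

$url = urlToCheck();
if (!empty($url)) {

    $display .= '<ol>';

    if (strpos($_SERVER['PHP_SELF'], 'public_html') !== false) {
        $display .= '<li>"public_html" should never be part of your site\'s URL. Please read the part about public_html in the <a href="../docs/install.html#public_html">installation instructions</a> again and change your setup accordingly before you proceed.</li>';
        $failed_tests++;
    }

    $display .= checkInstallDir();

    // files that must never be served: one representative per private
    // directory (relative path, human-readable description)
    $urls = array(
        array('config.php',                          'config.php'       ),
        array('logs/error.log',                      'logs directory'   ),
        array('plugins/staticpages/functions.inc',   'plugins directory'),
        array('system/lib-security.php',             'system directory' )
    );

    foreach ($urls as $tocheck) {
        $display .= doTest($url, $tocheck[0], $tocheck[1]);
    }

    // Note: We're not testing the 'sql' and 'language' directories.

    // the backups directory only exists (and matters) when DB dumps are
    // enabled; the probe file is removed again right after the request
    if (($_CONF['allow_mysqldump'] == 1) && ($_DB_dbms == 'mysql')) {
        if (makeTempfile($_CONF['backup_path'] . 'test.txt')) {
            $display .= doTest($url, 'backups/test.txt', 'backups directory');
            @unlink($_CONF['backup_path'] . 'test.txt');
        } else {
            $display .= '<li>Failed to create a temporary file in your backups directory. Check your directory permissions!</li>';
        }
    }

    if (makeTempfile($_CONF['path_data'] . 'test.txt')) {
        $display .= doTest($url, 'data/test.txt', 'data directory');
        @unlink($_CONF['path_data'] . 'test.txt');
    } else {
        $display .= '<li>Failed to create a temporary file in your data directory. Check your directory permissions!</li>';
    }

    $display .= checkDefaultPassword();

    $display .= '</ol>';

} else {

    // no URL could be derived, so only the local (non-HTTP) checks run
    $resultInstallDirCheck = checkInstallDir();
    $resultPasswordCheck = checkDefaultPassword();

    if ($failed_tests == 0) {
        $display .= '<p>Everything seems to be in order.</p>';
    } else {
        $display .= '<ol>';
        $display .= $resultInstallDirCheck . LB . $resultPasswordCheck;
        $display .= '</ol>';
    }

}

// persist the verdict so the admin UI can keep nagging until it passes
if ($failed_tests > 0) {
    $display .= '<p class="warningsmall"><strong>Please fix the above issues before using your site!</strong></p>';

    DB_save($_TABLES['vars'], 'name,value', "'security_check','0'");
} else {
    $display .= '<p>Please note that no site is ever 100% secure. This script can only test for obvious security issues.</p>';

    DB_save($_TABLES['vars'], 'name,value', "'security_check','1'");
}

$display .= '<p>To stay informed about new Geeklog releases and possible security issues, we suggest that you subscribe to the (low-traffic) <a href="http://lists.geeklog.net/mailman/listinfo/geeklog-announce">geeklog-announce</a> mailing list and/or use the <strong>' . $LANG01[107] . '</strong> option in your Admin menu from time to time to check for available updates.</p>';

$display .= COM_endBlock();
$display .= COM_siteFooter();

echo $display;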